How a Misconfigured CloudFront Cache Can Lead to Personal Data Leaks - Understanding and Securing API Caching
Introduction
When using CloudFront, many developers tend to choose the default cache policy Managed-CachingOptimized.
However, applying this policy to APIs without fully understanding how it works can lead to serious personal data leaks and other security incidents.
By default, CloudFront creates caches based on the request path.
In other words, the request path acts as the cache key.
User A accesses /images/icon_1.png
/images/icon_1.png
/images/icon_2.png
In short, CloudFront treats the request path as the cache key.
In 2021, a serious incident occurred at Klarna, a payment service provider based in Sweden.
Reference: Klarna Detailed Incident Report – Incorrect Cache Configuration
Here is what happened:
The CDN cached API responses intended for authenticated users, as a result, personal…
( 7
min )